Re: [libvirt] kernel summit topic - 'containers end-game'

[Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>]

Serge E. Hallyn wrote:
> Quoting Balbir Singh (balbir-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org):
>   
>> On Tue, Jun 23, 2009 at 8:26 PM, Serge E. Hallyn<serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> wrote:
>>     
>>> A topic on ksummit agenda is 'containers end-game and how do we
>>> get there'.
>>>
>>> So for starters, looking just at application (and system) containers, what do
>>> the libvirt and liblxc projects want to see in kernel support that is currently
>>> missing?  Are there specific things that should be done soon to make containers
>>> more useful and usable?
>>>
>>> More generally, the topic raises the question... what 'end-games' are there?
>>> A few I can think of off-hand include:
>>>
>>>        1. resource control
>>>       
>> We intend to hold a io-controller minisummit before KS, we should have
>> updates on that front. We also need to discuss CPU hard limits and
>> Memory soft limits. We need control for memory large page, mlock, OOM
>> notification support, shared page accounting, etc. Eventually on the
>> libvirt front, we want to isolate cgroup and lxc support into
>> individual components (long term)
>>     
>
> Thanks, Balbir.  By the last sentence, are you talking about having
> cgroup in its own libcgroup, or do you mean something else?
>
> On the topic of cgroups, does anyone not agree that we should try
> to get rid of the ns cgroup, at least once user namespaces can
> prevent root in a container from escaping their cgroup?
>   
I agree if there is a compatibility flag to clone the parent when 
creating a new cgroup, as suggested Paul.

Thanks
  -- Daniel